Fraudulent LinkedIn Profiles Targeting Saudi Workers for Corporate Data Leaks – December 12th

Revealed in a presentation at last month’s Black Hat Middle East and Africa conference, was a corporate information leak tactic targeting Saudi Arabian workers using fraudulent LinkedIn profiles.

The LinkedIn attacks start with fraudulent accounts pretending to be Muslim women in their 20s who say they work in Southeast Asia. Once the connection is made, attempts to harvest sensitive corporate information through long, seemingly legitimate professional conversations ensue.

AutoSpill Attack May Lead to Stolen Android Credentials – December 11th

Researchers from the International Institute of Information Technology (IIIT) presented a new attack named ‘AutoSpill’ that enables attackers to steal account credentials on Android devices via an autofill operation, during the Black Hat Europe security conference.

IIIT researchers pinpointed WebView, the Android feature used to open external links through an internal browser view as the starting point of the security flaw, leaving autofilled usernames and passwords vulnerable.

Microsoft One Drive doubles as ransomware tool

Microsoft’s OneDrive includes built in ransomware detection and recovery and is marketed as a safe place to store sensitive documents. However, SafeBrach Researcher, Or Yair, was able to demonstrate its worrying capability to be used by the very criminals it was built to protect against.

Blog Post

Fraudulent LinkedIn Profiles Targeting Saudi Workers for Corporate Data Leaks – December 12th

AutoSpill Attack May Lead to Stolen Android Credentials – December 11th

Microsoft One Drive doubles as ransomware tool